> ## Documentation Index > Fetch the complete documentation index at: https://docs.onlyfansapi.com/llms.txt > Use this file to discover all available pages before exploring further. # Start Authentication (/api-reference/connect-onlyfans-account/start-authentication) Start the authentication process for a new account. Supports three methods: email/password (default), cookies & headers (raw\_data), or FansAPI Auth+ mobile app (mobile\_app). For email/password, our systems will bypass Captcha and ask you for 2FA if required. For raw\_data, provide session cookies directly for instant authentication. For mobile\_app, the response includes a `mobile_auth_session_deeplink` that the creator opens on their phone (or scans as a QR code) to complete authentication via the FansAPI Auth+ mobile app. All credentials are stored securely and encrypted at rest. ## OpenAPI ````yaml https://app.onlyfansapi.com/scribe-docs/openapi.yaml post /api/authenticate openapi: 3.0.3 info: title: OnlyFans API description: "" version: 1.0.0 servers: - url: https://app.onlyfansapi.com security: - default: [] tags: - name: API Keys description: "" - name: Account description: Endpoints for your linked accounts - name: Analytics - Financial description: APIs for retrieving financial analytics data - name: Analytics - Summary description: APIs for retrieving summary analytics data - name: Banking description: Operations related to user banking details, payout methods, legal and tax information, and account country settings. - name: Chargebacks description: "" - name: Chat Messages description: "" - name: Chats description: "" - name: Client Sessions description: "" - name: Connect OnlyFans Account description: "" - name: Data Exports description: APIs for managing data exports - name: Engagement / Messages description: "" - name: Fans description: APIs for managing OnlyFans fans (subscribers) - name: Fans - AI Summary description: APIs for generating and retrieving AI-powered fan profile summaries - name: Following description: APIs for managing OnlyFans followings (people you're subscribed to) - name: Free Trial Links description: APIs for managing Free Trial Links - name: Giphy description: "" - name: Link Tags description: APIs for managing tags on free trial links and tracking links - name: Mass Messaging description: "" - name: Media description: "" - name: Media Vault description: "" - name: Media Vault Lists description: "" - name: Notifications description: Endpoints for managingr account notifications - name: Payouts description: "" - name: Post Comments description: "" - name: Post Labels description: APIs for managing your post labels - name: Posts description: APIs for managing OnlyFans posts - name: Promotions description: "" - name: Public Profiles description: "" - name: Queue description: "" - name: Release Forms description: APIs for managing OnlyFans release forms - name: Saved For Later (Messages) description: "" - name: Saved For Later (Posts) description: "" - name: Settings description: "" - name: Shared Free Trial Links description: APIs for Free Trial Links that other OF creators have shared with this account. Revenue, cost, and spender data are not available for shared links. - name: Shared Tracking Links description: APIs for Tracking Links (campaigns) that other OF creators have shared with this account. Revenue, cost, and spender data are not available for shared campaigns. - name: Smart Link Postbacks description: APIs for managing Smart Link postback destinations - name: Smart Links description: APIs for managing Smart Links (Free Trial Links and Tracking Links with pooled inventory) - name: Statistics description: "" - name: Stored Free Trial Links description: Instant APIs for retrieving stored free trial links from the OnlyFansAPI Cache (free, no credits used) - name: Stored Shared Free Trial Links description: Instant APIs for retrieving stored shared Free Trial Links from the OnlyFansAPI Cache (free, no credits used) - name: Stored Shared Tracking Links description: Instant APIs for retrieving stored shared Tracking Links (campaigns) from the OnlyFansAPI Cache (free, no credits used) - name: Stored Tracking Links description: Instant APIs for retrieving stored tracking links from the OnlyFansAPI Cache (free, no credits used) - name: Stories description: APIs for managing OnlyFans stories - name: Story Highlights description: APIs for managing OnlyFans story highlights - name: Subscription Bundles description: "" - name: Tracking Links description: APIs for managing tracking links - name: Transactions description: APIs for managing OnlyFans transactions - name: User List Collections description: "" - name: Users description: APIs for fetching OnlyFans users - name: Webhooks description: "" paths: /api/authenticate: post: summary: Start Authentication operationId: startAuthentication description: "Start the authentication process for a new account. Supports three methods: email/password (default), cookies & headers (raw_data), or FansAPI Auth+ mobile app (mobile_app). For email/password, our systems will bypass Captcha and ask you for 2FA if required. For raw_data, provide session cookies directly for instant authentication. For mobile_app, the response includes a `mobile_auth_session_deeplink` that the creator opens on their phone (or scans as a QR code) to complete authentication via the FansAPI Auth+ mobile app. All credentials are stored securely and encrypted at rest." parameters: [] responses: "200": description: "" content: application/json: schema: oneOf: - description: For email_password or raw_data auth types type: object example: attempt_id: auth_XXXXXXXXXXXXXXXXXXXXX message: Authentication process started. Query the polling_url to check the progress. polling_url: https://app.onlyfansapi.com/api/authenticate/auth_XXXXXXXXXXXXXXXXXXXXX properties: attempt_id: type: string example: auth_XXXXXXXXXXXXXXXXXXXXX message: type: string example: Authentication process started. Query the polling_url to check the progress. polling_url: type: string example: https://app.onlyfansapi.com/api/authenticate/auth_XXXXXXXXXXXXXXXXXXXXX - description: For mobile_app auth type — includes the session code to scan with the FansAPI Auth+ app type: object example: attempt_id: auth_XXXXXXXXXXXXXXXXXXXXX message: Authentication process started. Query the polling_url to check the progress. polling_url: https://app.onlyfansapi.com/api/authenticate/auth_XXXXXXXXXXXXXXXXXXXXX mobile_auth_session_deeplink: fansapiauth://auth/fansapi_auth_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX properties: attempt_id: type: string example: auth_XXXXXXXXXXXXXXXXXXXXX message: type: string example: Authentication process started. Query the polling_url to check the progress. polling_url: type: string example: https://app.onlyfansapi.com/api/authenticate/auth_XXXXXXXXXXXXXXXXXXXXX mobile_auth_session_deeplink: type: string example: fansapiauth://auth/fansapi_auth_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX tags: - Connect OnlyFans Account requestBody: required: false content: application/json: schema: type: object properties: auth_type: type: string description: The authentication method to use. Defaults to `email_password` if omitted. Use `mobile_app` to authenticate via the FansAPI Auth+ mobile app (no credential fields required). example: email_password enum: - email_password - raw_data - mobile_app name: type: string description: A display name for the account. If omitted, defaults to the email address or auth_id. example: iure email: type: string description: The email address of the OnlyFans account. Required when auth_type is `email_password`. example: zlueilwitz@example.org password: type: string description: The password of the OnlyFans account. Required when auth_type is `email_password`. example: y2-!V^;1 auth_id: type: string description: The auth_id from OnlyFans session cookies. Required when auth_type is `raw_data`. example: tempora cookies: type: string description: The full cookie string (semicolon-separated). Required when auth_type is `raw_data`. example: veritatis xbc: type: string description: The X-BC token from request headers. Required when auth_type is `raw_data`. example: quaerat user_agent: type: string description: The browser User-Agent string. Required when auth_type is `raw_data`. example: facere proxyCountry: type: string description: The country of the managed proxy server you want to use. Eg. "us" for United States. Cannot be used together with customProxy. example: us enum: - us - uk customProxy: type: object description: Custom proxy configuration. Cannot be used together with proxyCountry. example: [] properties: host: type: string description: The hostname or IP address of your custom proxy server example: proxy.example.com port: type: integer description: The port number of your custom proxy server (1-65535) example: 8080 username: type: string description: The username for proxy authentication (optional) example: provident password: type: string description: The password for proxy authentication (optional) example: p9KVfhU force_connect: type: boolean description: Set to true to connect the account even if it already exists example: false components: securitySchemes: default: type: http scheme: bearer description: Get your API Key from OnlyFansAPI Console - https://app.onlyfansapi.com/api-keys ````